Threats Tagged 'cve-'
View all threats tagged with 'cve-'. Filter and sort to focus on specific types of threats.
CVE-2026-23111: exploiting and detecting a nftables UAF born from a security fix
CVE-2026-23111 is a use-after-free (UAF) vulnerability in the Linux kernel's nftables subsystem, introduced by a security fix for a previous vulnerability (CVE-2023-4244). This flaw affects nf_tables and is reachable from an unprivileged user namespace. The vulnerability enables advanced exploitation techniques including kernel address space layout randomization (KASLR) leaks, arbitrary reads, kernel structure traversal, and privilege escalation to root (uid=0) without hardcoded addresses. The exploit and detection methods have been publicly disclosed, emphasizing detection strategies beyond payload identification. No specific affected versions or vendor patches are detailed in the provided information.
Reddit ExploitDev | 06/18/2026, 10:44:40 UTC | Added: 06/18/2026, 11:35:03 UTC

CVE-2026-39949: Authenticated Remote Code Execution in Cacti ≤ 1.2.30
CVE-2026-39949 is an authenticated remote code execution vulnerability in Cacti versions up to and including 1.2.30. The flaw arises from unsanitized variable substitution in RRDtool command-line arguments, allowing users with graph management privileges to inject arbitrary OS commands via host metadata fields such as the device notes. Exploitation requires authenticated access with permissions to create devices and graph templates. An attacker can craft malicious input in the notes field and trigger code execution during graph rendering.
Reddit Cybersecurity | 06/16/2026, 21:06:50 UTC | Added: 06/16/2026, 21:15:06 UTC

OpenSSL PKCS#7 CVE-2026-45447
CVE-2026-45447 is a use-after-free vulnerability in OpenSSL's PKCS#7 signature verification. It occurs when processing specially crafted PKCS#7 or S/MIME signed messages containing an empty ASN.1 SET in the SignedData digestAlgorithms field. This causes OpenSSL to incorrectly free a caller-owned BIO during PKCS7_verify(), leading to potential crashes, heap corruption, or remote code execution. Applications using OpenSSL PKCS#7 APIs may be affected, while those using CMS APIs or FIPS modules are not impacted. The vulnerability has been addressed by OpenSSL in official commits.
Reddit Cybersecurity | 06/10/2026, 13:17:10 UTC | Added: 06/10/2026, 13:18:23 UTC

depthfirst's AI agent found 21 FFmpeg zero-days (CVE-2026-39210–39218) for ~$1,000 — oldest bug from 2003. What does this do to the economics of vuln research?
An autonomous AI agent developed by the security startup depthfirst discovered 21 zero-day vulnerabilities in the FFmpeg multimedia framework, including nine assigned CVEs (CVE-2026-39210 through CVE-2026-39218). These vulnerabilities primarily involve heap and stack overflows in various parsers and demuxers, with some bugs dating back to 2003. FFmpeg maintainers have been responsive and are shipping fixes. The discovery raises concerns about the effectiveness of traditional static and dynamic analysis tools against memory corruption in large C codebases and the potential impact of AI-driven vulnerability discovery on disclosure pipelines and vulnerability economics.
Reddit BlueTeam | 06/07/2026, 02:43:51 UTC | Added: 06/07/2026, 02:48:31 UTC